Jimmy
May 23 2007, 10:05 PM
QUOTE PHP Security
If you are using PHP on your website we ask that you please read the following carefully.
We have noticed a significant number of PHP websites are being compromised due to vulnerable PHP code. Spammers are scanning millions of websites on the Internet looking for PHP scripts that can be exploited to send spam. When they find a script that has a loophole they send thousands of email messages through the script, often taking down the website or severely impacting website performance.
Generally these loopholes exploit code using parameters from a form being passed straight to a mail command or page include without being checked for extra characters. These problems include line feeds in email names and addresses, or including any page passed to the script.
When we find a site that is being exploited we often have to disable scripting for the whole site or at least for the compromised script (if we can identify it), this can mean unexpected downtime for your website. This problem affects all PHP websites available on the Internet, not just ones hosted by Heart Internet.
This issue can often be resolved by upgrading to the latest version of the script or in the case of custom scripts asking your developer to close the loophole that has been exploited.
We would ask that you carry out a security audit on your PHP scripts to ensure they are not vulnerable. Whilst we cannot carry out this process for you if you do have any questions then please feel free to contact us. If you are a reseller can we ask that you contact your customers about this issue as well.
Thank you for your assistance with this matter.
That's all for now Hope this helped you all! I know there are newly setup companies offering free audits around, try and google em! Join The Anti-Spam community - put this link at the bottom of your page: CODE <a href="http://www.auditmypc.com/freescan/antispam.html" target="_blank">
Anti Spam</a> It will give a list of duff email addresses for the bots to harvest, and at the bottom is a link to another page of duff links, and then another link to more, and this repeats essentially forever! Sending the bots into byebye land, it will simply overload them... hopefully.
Reply
ghostrider
May 23 2007, 10:52 PM
Thanks for posting this. Just checked through my PHP scripts and I'm totally unvulnerable  .
Reply
Recent Queries:--
security - 25.96 hr back. (1)
Similar Topics
Keywords : php, security, vulnerability, beware, spammers, notice, site, slow, victim
- White Paper: Security Threat Report: 2008
(0)
Security Warning 2008: Top 11 Malware Threats To Watch Out For
(0) Before I go into this topic I have to say, stop making up these crazy names. I know I just getting
into the security side of things but still as long as there are computer problems and ways to sucker
someone into downloading the stuff, the crazy names will still live on. QUOTE Lieware
ADVERTISEMENT In 2007, there was a lot of "rogue anti-virus software," which is sometimes also
referred to as "fake anti-virus software." But these terms are confusing because there's too
much negation going on. Fake anti-virus software is not anti-virus software at all. So what ....
New Security Hole Discovered In Excel
(0) Well I have to same I am bit surprise on this security flaw especially what it can do; in which all
a user has to do is open a malicious Excel document and it allows the hackers to execute remote code
on to your system. As far as how wide spread this vulnerability is, it hits every excel software
from Excel 2000 to Excel 2003 SP2, and it also includes the Mac Version of Excel 2004 as well. OF
course with the disappointment of Office 2007 by some people will still be running the 2003 versions
on their computers. Right now the attacks are minimal and the question for t ....
Security Commom Sense
(0) A very good article titled "Security Common Sense" in gnucitizen.org Below is the link to that
article http://www.gnucitizen.org/blog/security-common-sense Website Link
http://www.gnucitizen.org "We basically train a bunch of monkeys to click the yes button for
every security warning." Don't you think many of us fall under the category? because most of
the time we do not see what the dialog says, but press Yes, which might not treat you well
sometimes... A good read.....
Symantec's Top 10 Internet Security Trends Of 2007
(3) Well I saw this article and after reading it all just to find the top 10 security problems I thought
I share them and give my thoughts about them. I know I know its horrible but what can I say, its me
/laugh.gif" style="vertical-align:middle" emoid=":lol:" border="0" alt="laugh.gif" />. 1.) Data
Breaches For the most part I am not surprise especially the big stories of 2007 which include the
TJ Max breach of 45 million credit/debit cards; I believe that has been the biggest hack job ever in
terms of stolen cards and id theft (somewhat). Oh lets not forget the al....
Security Guidelines For Internet Users
(6) Security Guidelines for Internet Users 1. Install an anti-virus software, you can free ones like
AVG Free . Ensure that it's regularly updated - this is of the utmost importance. 2.
Anti-virus software is not enough, the security can be tightened using a firewall software which
will help you prevent unauthorized incoming and outgoing communications from your computer while
connected to the Internet. 3. Disconnect your computer from the Internet when not in use. The
longer you are connected to the Internet, the more opportunity you give for persons to gain un....
Spammers, Hackers Seize On Virginia Tech Shootings
(3) Ok to me I consider the sickest form of human idiots ever, bad enough you have some people mocking
the shooter but now you got people using spam and hacking computers by using the Virginia Tech
shootings, This person should be found and beating for using a tragic event like this and trying to
profit from it. The spam/hack goes like this QUOTE If clicked, the link caused a computer to
automatically download a malicious screensaver, called TERROR_EM_VIRGINIA.scr by Sophos, which
installs a Trojan horse program that collects banking details, Cluley said. It was a....
Skype & P2p Users - Beware About These Following Worms
(2) With the Skype worm it a simple process of your computer getting infected the worm grabs all the
emails that your skype account has and sends a Instant message to click on this which also downloads
a trojan so other malicious software can installed on that infected computer. Also a person is
directed at least 8 which in the most likely case are scam sites to of course get that person's
info, but so far it hasn't cost any real damage like some of the other attacks skype has seen in
the past. SOURCE Here As well all know everyone is in the P2P since napster an....
Brand New Security Holes Found And Patch On This Month Updates And Office Exploits
(0) Even though the fiasco with the .ANI exploit is still going strong microsoft released it's month
updates this time they found 4 more critical breaches in it's systems (XP), most people should
have gotten the update pop up screen yesterday. So here is the info on these critical flaws.
http://go.microsoft.com/fwlink/?LinkId=84687 http://go.microsoft.com/fwlink/?LinkId=85130
http://go.microsoft.com/fwlink/?LinkID=85163 http://go.microsoft.com/fwlink/?LinkID=85164
http://go.microsoft.com/fwlink/?LinkId=80251 I don't know how reliable vista will be af....
Security Firm Kaspersky Lab Creates Ipod Virus
(1) With the flood of news coming about the .ani exploits it seems the tech world is recieve more news
about new hacks, viruses and other bad stuff these days. Today Kaspersky Lab created a virus that
is able to affect the Ipod, however, it is only affecting Ipod's that have linux installed and
not the standard OS that comes with Ipod. The virus goes by the name of Podloso, although they say
it doesn't show a current threat this virus does show the possiblity to install malware into
devices such as the Ipod. They also mention that the virus does not copy it self....
Major Flaw In .ani File Found In Windows 98 Through Vista Creates Major Security Risk
Vista Aint that Secure at all (9) I was able to browse around this and found it interesting since this vunerability is found in 4
Microsoft Operating Sytems, Windows 2000, Windows XP, Windows Vista, Windows 2003 Server. From the
article Microsoft stated that their is a hole in the .ani files, which happen to be related tothe
mouse cursor, when the mouse icon changes depending on what you do. They only mention that with
this flaw it always hackers to break into someone computer and do their thing. But in another
article relating to this attack it was mention that in order for this to happen a user has ....
Anyone Have Info On "spyhackerz.com"?
failed hacking attempt at my site by these guys (17) Hi all I just checked my site, hosted here at trap17.com, and my guestbook was full of html code,
when i checked the file used to store the content of the guestbook i notice the HTML was as follows
QUOTE Hacked By Spyhackerz.com www.spyhackerz.com
src=http://spyhackerz.com/music/index.mp3 width=20 height=15 autostart="true" loop="true">
So im just wondering if anyone has any info on these people. I recommend not going
on the website incase they trace your IP etc....I haven't visited yet eithe....
Cpanel Exploit
security hole in cPanel to hack the servers of a hosting company (8) A pair days ago I read this new on Slashdot: cPanel Exploit Used to Circulate IE Exploit
QUOTE "In a dangerous combination of unpatched exploits, hackers have used a previously
undiscovered security hole in cPanel to hack the servers of a hosting company and use hundreds of
hijacked sites to infect Internet Explorer users with malware using the unpatched VML exploit.
cPanel, whose hosting automation software is used by many large hosting companies, has issued a fix.
It's a local exploit, meaning the attacker must control a cPanel account on the target hosti....
A Very Simple Security Tip
for Windows 2000/XP (13) We all know the difference between a limited user and an administrator user under Win2k/XP - you
can't/can install major software, perform system maintainence, and other stuff. But using a
limited user on a day-to-day basis also provides you with decent protection from a bunch of threats:
if the malware is running under your limited-rights user, it can only do as much as you can. For
instance, a limited rights user can't edit the HKLM hive of the Registry, so any malware running
under the same user won't be able to touch that area. It's extremely simple t....
Rootkits
the security threats that no one's heard of (2) a security threat to be concerned with is the increasing prevalence of viruses containing advanced
rootkits to hide their actions or data on the computer. even from the anti-stuff tools. a
rootkit was originally a name for tools that hackers/crackers would use to maintain root on
unix/linux machines. root is the uber user with all the permissions on a linux box. on windows
these tools can be used to hide data on the harddrive and in the registry by manipulating the way
the data is stored. THe windows api(the thing windows uses to communicate to the hardware) read....
Security Not Safe
(2) Hi everyone!!!!!!! This is the last one!! /tongue.gif"
style="vertical-align:middle" emoid=":P" border="0" alt="tongue.gif" /> Ok guys, I heard
somewhere that if we protect some page with password, it is steel not safe at all, if we dont hace a
secure connction (http s ://...) How is it true? is there a posibility that some one can see a page,
even if it is protected by password? (the scrit in tha page don't allow IDs that didn't past
from the login page) is that script sufficent? thanks a lot to every one /biggrin.....
Microsoft Windows Dhcp Client Service Remote Code Execution Vulnerability
(0) What it is A exploit in the buggy OS of XP has been found, this one concering DHCP. OS effected
Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Advanced Server SP1 Microsoft Windows
2000 Advanced Server SP2 Microsoft Windows 2000 Advanced Server SP3 Microsoft Windows 2000 Advanced
Server SP4 Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server SP2 Microsoft Windows 2000 Datacenter Server SP3 Microsoft
Windows 2000 Datacenter Server SP4 Microsoft Windows 2000 Professional Microsof....
Manual Virus Removing And Security.
(0) Talking about manual removals of viruses I thought I better be a pioneer of this by sharing my
knowledge about a virus. I would like to tell the effects and manual removing technique of a very
common and irritating virus, that is HTML Redoff. First I would like to discuss its effects, HTML
Redoff virus infects kernel32.dll file which is installed in your “WINDOWS\SYSTEM” directory in
case you have Windows 98 and “WINDOWS\SYSTEM32” directory in case you have Windows XP and all
the .htm, .html, folder.htt and desktop.ini files on your PC thus it slows down your....
Serious Mac Os Flaws
Serious security flaws (1) On the end of February was discovered that the first trojan (Leap) to target Apple Computer's
Mac OS X, it was published on a new worm that exploits an 8-month-old vulnerability in the operating
system, its know by the name of Inqtana, the worm use Bluetooth to propagate, once it infects a
computer it searches for other Bluetooth-enabled devices and sends itself to those it finds, this
may not be very alarm, but the source code could be easily modified by a future attacker to do
damage like Symantec said, Symantec also says it believes the two pests were developed on....
Microsoft Ships First Vista Security Patches
yup, got that right -- VISTA (9) Microsoft Ships First Vista Security Patches http://www.eweek.com/article2/0,1895,1911406,00.asp
QUOTE Microsoft Corp. has shipped the first critical security update for Windows Vista, the
next version of its flagship operating system. Over the weekend, the company released patches for
beta testers running the Windows Vista December CTP (Community Technology Preview) and Windows Vista
Beta 1, and warned that the new operating system was vulnerable to a remote code execution flaw in
the Graphics Rendering Engine. A Microsoft spokesperson told eWEEK that the Vi....
Light To Heavy Security Tips
Some (helpful?) Suggestions (4) (excessively long intro, skip to 'suggestions' for immediate tips) Its almost 2 am and I
just finished an email detailing some ideas I had to keep systems a little more secure than usual (
tips that can be applied to most any Windows users system ). I dont feel like re-editing it so it
doesnt sound I copied and pasted it from my email, cause I did, and its late. Please note THIS IS
NOT SPAM. I did write all of this, just in an email before I copied and pasted it here. These are
entirely valid and ( I hope ) helpful tips for most anyone. Of course I hate just yap....
Evil Bit In Ipv4 Header
There's a security flag in IPv4 Header (0) I found this amusing. believe it or not, there is an evil bit in the IPv4 header, QUOTE The
bit field is laid out as follows: 0 +-+ |E| +-+
Currently-assigned values are defined as follows: 0x0 If the bit is set to 0, the packet has
no evil intent. Hosts, network elements, etc., SHOULD assume that the packet is
harmless, and SHOULD NOT take any defensive measures. (We note that this part of the spec
is already implemented by many common desktop operating systems.) 0x1....
Beware Of Fake Fbi Email
(23) i was just on shoutbox and saint michael said someone sent him an email with virus and fbi in it so
im just letting yall kno beware of it but here is the email that is being sent QUOTE
http://www.astahost.com/just-got-email-fbi-t9312.html the email address is Admin@fbi.gov (phoney)
Dear Sir/Madam, we have logged your IP-address on more than 30 illegal Websites. Important: Please
answer our questions! The list of questions are attached. Yours faithfully, Steven Allison
*** Federal Bureau of Investigation -FBI- *** 935 Pennsylvania Avenue, NW, Room 3220....
Shieldsup! Internet Vulnerability Test
free test to see how vulnerable you are (17) Gibson Research Company (GRC) has a number of free tests available and their ShieldsUp! is one
of the best I've seen around. QUOTE Without your knowledge or explicit permission, the
Windows networking technology which connects your computer to the Internet may be offering some or
all of your computer's data to the entire world at this very moment! Using this online
utility, you can check on your Windows file sharing, probe common ports and service ports, see what
Windows Messenger is doing in the background, check up on Internet Explorer and muc....
System Security
Please critique my configuration (6) I would just like to have comments on any holes that I might have. I have been using this
configuration for a while, but want to hear what others think. Here's my security setup: OS:
XP Pro SP2 AV: AVG Antivirus, updates/scans automatically Firewall:
Sygate Personal Firewall AntiSpy: Spybot Search and Destroy, manual update/scan,
teatimer prevents unauthorized registry changes.
Spyware Blaster, manual update, automatic scan. Backup: Norton Ghost (sys....
Antihack Security
reply (8) Hello everyone. Ive looked over all of your questions. I think some of them are pointless. Although
they were questions so here are your anwsers. #1) Antihack was posted on a free site because its
free why pay #2) No it is not a virus os something were you got the IDEA is beyond me All I
am trying to do is tell everyone about antihack. I noticed people talk about computer issues here so
I said hey I bet those guys could use antihack. The reason why I like it is that I get everything
antivirus, antispyware, and firewall PLUS a hole crap load of security holes are....
Linux Security Tools
(5) Hi, I've posted some security tools and links in my last posts,I preferd to post new topic and
send he extra here : Network Sniffers # DSniff http://www.monkey.org/~dugsong/dsniff/ #
Ethereal - full network protocol sniffer/analyzer http://www.ethereal.com/ # IPTraf - curses based
IP LAN monitor http://iptraf.seul.org/ # TcpDump - network monitor and data acquisition
http://www.tcpdump.org/ # KISMET - 802.11 wireless network detector, sniffer and intrusion
detection system http://www.kismetwireless.net/ Online Tools # AutomatedScanning.com - commer....
List Of Security Sites
(7) List of security sites, I'll try to update the list as soon as I can . with compilations of
recent security threats, Global Incident Analysis Center (GIAC), GIAC training, and Reading Room
http://www.sans.org/ http://www.infragard.net/ http://www.cert.org/security-improvement/
CERT Security Improvement Modules,including general information on firewalls and intrusion
detectors. excellent set of papers on firewalls, viruses, e-commerce, etc. http://www.icsa.net/
http://www.gocsi.com/ (Source of the annual "CSI/FBI Computer Crime and Security Su....
Email Clients
Which One Do You Trust For Security? (23) Many people don't care about email account security and just go for a Hotmail account because
it's automatically MSN compatible or a Gmail account because it has lots of space. But out of
those of you who choose your email based on safetey and security, which client do you recommend?
There are tons out there. Personally, I use GMX.net, it's a German service with extremely high
security. They have a password meter to check your password for how easy or hard it might be to
guess, encouraging you to use upper and lower case letters along with numbers. They veri....
Security Issue With Mozilla Based Browsers
Read the story onAstahost.com (22) I'm not going to post the same issue / solution on both forums. If you have a Mozilla based
browser it would be in your best interest to read this story. Browsers affected by this exploit
are: Mozilla 1.7.x Mozilla Firefox 0.x Mozilla Firefox 1.x Mozilla Thunderbird 0.x Mozilla
Thunderbird 1.x Security Issue in Mozilla based browsers Thank You Nils....
Looking for php, security, vulnerability, beware, spammers, notice, site, slow, victim
|
|
Searching Video's for php, security, vulnerability, beware, spammers, notice, site, slow, victim
|
advertisement
|
|
